Report - 월간KIMA2021_4월호군사안보0330.docx

ScreenShot

Info
Location map


Created	2021.04.03 10:29	Machine	s1_win7_x6401
Filename	월간KIMA2021_4월호군사안보0330.docx
Type	Microsoft Word 2007+
AI Score	Not founds	Behavior Score	2.8
ZERO API	file : clean
VT API (file)	17 detected (MacroLess, Office97, Groooboor, CVE-2017-0199, equmby, External, ai score=100, Probably Heur, W97OleLink, HjcASR8A)
md5	609c2473571bf703ce985b6e44b8e343
sha256	c8ef6d5139e6175dfa05c9ad6942343277a6c5ed8723472dd508d8d0235714d6
ssdeep	98304:mBNe9iSLToQuMkvX72hJ80VOLb8khrEzm+c9SwFSZPgnAiueci5G:mG9iIkf72Y0cIqAz9InYejG
imphash
impfuzzy

Network IP location

Signature (6cnts)

Level	Description
watch	File has been identified by 17 AntiVirus engines on VirusTotal as malicious
watch	Libraries known to be associated with a CVE were requested (may be False Positive)
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	Creates (office) documents on the filesystem
notice	Creates hidden or system file
notice	Performs some HTTP requests

Rules (1cnts)

Level	Name	Description	Collection
info	test_office	test url	scripts

Network (10cnts) ?

Request	CC	ASN Co	IP4	Rule ?	ZERO ?
http://beilksa.scienceontheweb.net/cookie/select/log/ whois		Zetta Hosting Solutions LLC.	185.176.43.98	690	mailcious
http://beilksa.scienceontheweb.net/cookie/select whois		Zetta Hosting Solutions LLC.	185.176.43.98	690	mailcious
http://beilksa.scienceontheweb.net/cookie/select/ whois		Zetta Hosting Solutions LLC.	185.176.43.98	690	mailcious
http://beilksa.scienceontheweb.net/cookie/select/log/tmp?q=6 whois		Zetta Hosting Solutions LLC.	185.176.43.98	690	mailcious
http://beilksa.scienceontheweb.net/cookie whois		Zetta Hosting Solutions LLC.	185.176.43.98		compromised
http://beilksa.scienceontheweb.net/cookie/ whois		Zetta Hosting Solutions LLC.	185.176.43.98	690	mailcious
http://beilksa.scienceontheweb.net/cookie/select/log/tmp/?q=6 whois		Zetta Hosting Solutions LLC.	185.176.43.98	690	mailcious
http://beilksa.scienceontheweb.net/cookie/select/log whois		Zetta Hosting Solutions LLC.	185.176.43.98	690	mailcious
beilksa.scienceontheweb.net whois		Zetta Hosting Solutions LLC.	185.176.43.98		mailcious
185.176.43.98 whois		Zetta Hosting Solutions LLC.	185.176.43.98		mailcious

Suricata ids

Similarity measure (PE file only) - Checking for service failure